You are on page 1of 13


Cyber attacksis not in any way comparable to weapons of mass destruction. What a lot of people call them is weapons of mass annoyance. If your power goes out for a couple of hours, if somebody draws a mustache on Attorney Gen. Ashcrofts face on his website, its annoying. Its irritating. But its not a weapon of mass destruction. The same is true for this -James Lewis, 2003, Director of the Center for
Strategic and International Studies

Analyzed by: Josh Burleson Brian Epp Chrissy Miller Martin Vanis

Introduction to Cyber-Warfare
Cyberwar Leveraging the internet for political, military, and economic espionage activities Cyberwarfare Politically motivated hacking to conduct sabotage and espionage Dangers Lack of agreed upon definitions make preparation, defense, and response in the face of attack difficult The more developed a State is, the more dependent it is on the Internet Internet is essential to every modern State

Cyber-Space The Final Frontier

Considered the newest domain of warfare Civilian vs. Civilian (Cyber-Crime) Civilian vs. State State vs. Civilian State vs. State

Civilian Hackers
Their threat-level ranges based on malicious intent Cyber-crime, not Cyber Warfare Crime may be a step or signify the potential for individual hackers/collective hacktivists to participate in Warfare Documented Cases
1970: MOD (Masters of Deception) 2010: Spanish Investigators arrested 3 individuals responsible for BotNet infection of more than of Fortune 1000 companies and > 40 major banks

Cyber War between Sunni vs. Shiite

While media coverage focuses on the most high-profile hacks or defacements, this current cybercampaign is a War of a Thousand Cuts -Jeffrey Carr Inside Cyber Warfare

Neo, The Matrix Has You


No central authority/hierarchy Sheer size and capability poses threat Capability, Opportunity, Intent not your personal army

Civilian vs. State can be far more dangerous than the petty annoyances that Anonymous may engage in Operation Cast Lead (Israeli vs. Arabic Hackers)

State vs. Civilian

Internet Policing
The U.S. reserves the right to respond to serious cyber attacks with an appropriate proportional an justified military response. DepSecDef Lynn ,Inside Cyber Warfare p.273 International law makes response difficult and sensitive Asset-seizing, monitoring Foreign espionage vs. Sensitive personnel
U.S. Intelligence Community highly suspects GhostNet to be Chinese government

The Bombs Bursting in Binary?

State State
Some state-sponsored organizations that engage civilians can also engage states; the difficulty being the return address problem Ambiguity halts any linkage between state and non-state actor sponsorship; therefore forbidding war based on international law State vs. Iran (StuxNet)
Either Israel or U.S. implanted a worm in Iranian nuclear-facilities

United States vs. Libya

U.S. discussed using cyber-attacks to cripple Libyan infrastructure

Evolution of War
Most Dangerous Cyber Attacks
Modernized countries are most vulnerable to these attacks

The Need to Evolve

For security to be more effective, offensive advancements necessitate defensive advancements

Over last 5 years, 650% increase in security breaches...USGAO Report

to Congressional Committees

Game Theory Matrix

European Commission estimates a 10-20% probability that in the next 10 years IT industry will experience a major breakdown resulting in a global economic cost exceeding $250B Attack US Construct Defense + US ~ Construct Defense ++ __ 0 _ ++ Status Quo 0 ~Attack __

NSA requested $5.2B to construct USCYBERCOM to meet the NSAs continually evolving requirements.

The *Center for Strategic and International Studies Commissions+ three major findings are: (1) cybersecurity is now a major national security problem for the United States; (2) decisions and actions must respect privacy and civil liberties; and (3) only a comprehensive national security strategy that embraces both the national and international aspects of cybersecurity will make us more secure.
-Securing Cyberspace for the 44th Presidency: A Report of the CSIS Commission on Cybersecurity for the 44th Presidency